Ransomware Attack on Kudankulam Nuclear Project
A recent ransomware attack targeted a contractor involved in the Kudankulam nuclear power project, raising significant concerns. Although the plant's integrity remains intact, this incident highlights vulnerabilities in India's cybersecurity framework.
Background and Previous Incidents
- In 2019, malware was detected on the administrative network of the Kudankulam facility, though the operational reactor network was reportedly unaffected.
- The latest incident follows a similar pattern, underscoring persistent cybersecurity challenges.
Issues with Breach Disclosure
- India's breach disclosure regime is often inconsistent and opaque.
- Affected organizations fear that admitting breaches could damage public confidence, affect share prices, and invite regulatory scrutiny.
- Many lack mature incident response capabilities, treating cybersecurity more as a compliance issue than a necessity.
Details of the Current Attack
- The ransomware attack was executed by a group called ‘World Leaks’ targeting systems of Reliance Infrastructure, a contractor for Units 3 and 4.
- Data was hosted by Yotta Data Services, which detected suspicious activity on May 29, with data appearing on World Leaks by June 11.
- NPCIL issued a formal clarification only by July 15, after media reports.
- Approximately 14.3 GB of files were released, including sensitive infrastructure layouts and vendor lists.
Impact and Response
- India ranks as the third-most breached country, with prior incidents affecting AIIMS Delhi, airlines, and State government portals.
- Kudankulam is central to India's nuclear ambitions, necessitating robust cybersecurity measures.
Recommendations and Conclusion
- Entities like CERT-In and NPCIL should clarify the authenticity of the released files and assess if data was exfiltrated.
- Focus on improving cyber-hygiene and ensuring proactive communication to mitigate future risks.